Watch your back: The mounting risks of unauthorized data access, theft and corruption in secondary storage. (SAN).
Secondary storage, such as backup and replication, equates to greater application availability, recovery and business continuity. It also holds a greater data volume than primary storage. In practice, this means managing large backup processes and tape libraries; cataloging and storing (distributing, vaulting and scratching) numerous tapes; and pooling and virtualizing backup resources for better economies. It may also involve transferring images and data outside the glass house to peer data centers or service providers, and in some cases all or part of the backup, vaulting or recovery work is outsourced. Today, these storage functions are handled by more people, who transfer stored data to more locations and place sensitive data on more dispersed media. While backup and replication inherently preserve data, the risk of unauthorized data access, theft or corruption in secondary storage is mounting.
Tape media is considered the most reliable and most prevalent source for enterprise data recovery. Backup tapes are small, portable and typically stored outside the confines of the data center for offsite disaster recovery. Most data on tape is left in the clear on removable media, and tape loss or unauthorized access is often discovered long after the fact. That gives unauthorized users ample time to read the tape data, analyze confidential information and, in some cases, rebuild entire systems. Tapes used for bulk data transport can be misdelivered, lost or accessed with little owner awareness.
With replication, system snapshots are duplicated and often stored at various stages outside the primary site. Replication and tape virtualization capabilities offer better automation for system and data recovery. It is this same automation that increases liability should access be breached and images copied.
Lastly, storage administrators and service providers who manage and support backup processes and resources have greater knowledge about, and more immediate access to, this stored data. While enterprises have implemented access controls and tighter infrastructure management provisions, such safeguards fall short of protecting the tape media and data repositories themselves. Additional safeguards should be reviewed to further enhance data integrity and confidentiality, namely authentication and encryption of the stored data.
Security Building Blocks
What terms are used to describe strong security besides physical access controls? Strong encryption converts clear data (plaintext) into an unreadable form called ciphertext using a secret key; without the corresponding decryption key, recovering the plaintext is computationally infeasible. Authentication is the process of validating a transmission, message or originator by establishing the identity of a given user or system, typically by means of passwords or digital certificates issued by a trusted authority. Authorization determines what an authenticated entity is permitted to do or access. Integrity is the process of establishing that data has not been modified; for stored data this means a keyed message authentication code or signature, not a plain checksum, since anyone who can alter the data can recompute an unkeyed checksum. A key is a value that, applied to a cryptographic algorithm, provides strong encryption, authentication and integrity. Key management determines how keys are created, protected, distributed, recovered, updated and terminated. Strong encryption, authentication, authorization, data integrity and centralized key management are the best means of mitigating the access exposures in tape media, virtualized tape systems and replicated images that are critical for authorized data and system recovery.
Given the distributed nature of secondary storage, considerations must be made regarding data management (e.g. compression), key management and data recovery. An ideal solution would support transparent deployment, enforce a security policy, enable central and remote management and be simple to implement, if not abstracted from day-to-day administration altogether. It would also need to address the persistent storage requirements unique to archival and recovery processes. For recovery purposes, encrypted tapes may need to carry metadata that securely references the encryption system and key used to protect the tape, so that the right key can be located years later without the key material itself ever being written to the media. This can be implemented at the host, in the storage subsystem or in a tape media security appliance.
Security is more likely to be adopted when it is transparent and unobtrusive. Secondary storage data protection should accommodate different device form factors, media types, volumes, media pools, interfaces, host types, media rates and so on. It should not impede the performance (read/write data rates) of the tape device, which is especially true for virtualized tape (disk that presents itself as a tape library). Operators should be able to continue performing their tasks normally, with functionality that can be deployed and enforced online, offline and nearline.
Keys will need to be mapped to media catalog data (which is vendor specific) so that long-term archival recovery is not affected. These keys will have a long life, so they require protection against brute-force attack (56-bit DES, for example, will not suffice; 128-bit or 256-bit keys are the expectation today) and reasonable rekeying techniques (replacing the key originally used to protect the data with a new key, which for media already written means reading the data back and writing it again under the new key, then retiring the old one). These characteristics ensure that storage administrators can add security to their functions without compromising data recovery or normal operating policies, processes and procedures.
Alternative Implementation Options
Implementing data encryption in the backup software at the host or backup server can produce performance bottlenecks that affect application response time and throughput. Encryption keys would then need to be protected and managed on the backup entities themselves, a difficulty that scales with the number of hosts and their locations. This may require installing and managing new software, hardware or drives on the application server or at the client, and may mandate changes to the backup applications at both the local and the remote recovery locations.
Implementing data protection at the tape library may provide considerable benefit. Library vendors already provide media management and compression capabilities. However, this may increase library and system cost and form factor. Here too, key management must be taken into account; it becomes more complex for companies that employ different, remote or third-party-managed library systems, where the library systems may vary at each location.
Encrypting files prior to backup is another approach, with its own strengths and weaknesses. If the file structure and workgroup dynamics are relatively static and simple, the management overhead of file encryption may be acceptable, and strong discretionary access controls can be enforced on the files. However, this approach becomes complex in the majority of enterprise-class environments, which have large numbers of files, changing file attributes, many users and correspondingly many cryptographic keys.
This makes recovery difficult, since these files are backed up and restored at remote locations and on different media that may not have the same access requirements or infrastructure. Avoiding this issue would require replicating the primary environment, which is rarely economically feasible.
A file-encryption approach may also fail to address applications such as email and large databases, which may write directly to disk in raw partitions. Additionally, there are cases in which one loses the ability to selectively back up and restore primary data unless the encryption is application specific. For example, if the entire database file is encrypted, recovering a single database table requires the primary environment to be completely mirrored at the secondary site.
An Appliance Approach
By placing storage security functionality in a separately managed solution, companies can employ a more cost-effective implementation. An appliance offers performance, centralized management, protected and managed keys, flexible deployment and seamless integration. A purpose-built encryption device offloads the processing burden of media encryption with nominal latency. It can compress the stored data before encrypting it; properly encrypted data is indistinguishable from random bytes and no longer compresses, so the tape drive's own compression would be lost if the data were encrypted first.
It also offers centralized management of the security function, which in turn provides significantly improved policy enforcement and key protection. Essentially, the keys are maintained by the appliance, associated with and tracked against the stored data and media, and never leave the box in the clear. An appliance can be managed remotely and placed closest to the storage library or virtualized tape, regardless of vendor, application or location. And an appliance can protect media across different backup applications without affecting local system administration procedures or workload. This uniformity equates to lower cost of ownership and more reliable recovery.
Storage media protection provides advantages to a broad range of secondary storage applications. Encryption and authentication can ensure that only authorized parties access the media and that the data itself has not been tampered with or corrupted. It can facilitate shared and managed tape resources. It can enable outsourcing of backup and recovery functions by eliminating the perceived and actual risk of, and liability for, unauthorized access. It can better protect bulk data distribution (which by definition is outside the trust boundary of internal operations) by assuring protection whether tapes are lost, stolen or misdelivered. It can reduce the cost of destroying tapes containing sensitive information, since the data is encrypted; this holds only if the corresponding keys are themselves destroyed or withheld, so crypto-shredding is only as strong as the key management behind it. Encryption can eliminate the possibility of valued, trusted or regulated data being used should a tape, virtualized media or replicated image be breached. Authentication can detect media data corruption or tampering during restore, providing strong integrity. Lastly, protecting stored data can support compliance with ecommerce, healthcare, FDA, EU and other privacy legislation.
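The following is an added example, not NeoScale's product code or any vendor's format, showing in one runnable piece the points made above: a self-describing record header that carries a key ID (the catalog-to-key mapping and rekeying discussed under Security Building Blocks), compress-before-encrypt versus encrypt-before-compress (the appliance discussion), and an integrity check that fails a restore when the media has been altered. It assumes the Python standard library only, so HMAC-SHA256 run in counter mode stands in for the AES-256 a real appliance would use; the header layout, the KeyStore class and the sample payload are all constructed for this example.

```python
# Added example (not NeoScale's code): encrypt-then-MAC protection of a
# "tape record" whose header names the key ID used, keyed through a stand-in
# central key store. Assumption: stdlib only, so HMAC-SHA256 in counter mode
# replaces AES-256; header layout, KeyStore and sample data are hypothetical.
import hashlib
import hmac
import os
import struct
import zlib

MAGIC = b"TAPE"          # hypothetical format tag
VERSION = 1
NONCE_LEN = 16
TAG_LEN = 32
HEADER_FMT = ">4sBI%ds" % NONCE_LEN   # magic, version, key_id, nonce
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 25 bytes, written in the clear


class KeyStore:
    """Stand-in for a central key manager: key material never leaves it in
    the clear; only the numeric key ID goes onto media and into the catalog."""

    def __init__(self):
        self._keys = {}
        self._next_id = 1

    def create(self):
        key_id, self._next_id = self._next_id, self._next_id + 1
        self._keys[key_id] = os.urandom(32)
        return key_id

    def get(self, key_id):
        return self._keys[key_id]

    def retire(self, key_id):
        del self._keys[key_id]


def _subkeys(master):
    # Derive separate encryption and MAC keys from one stored key.
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())


def _ctr_xor(enc_key, nonce, data):
    # Keystream block i = HMAC(enc_key, nonce || i); XOR is its own inverse.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + struct.pack(">Q", i // 32),
                         hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def read_header(record):
    """Return (version, key_id, nonce) from the record's cleartext header."""
    magic, version, key_id, nonce = struct.unpack(HEADER_FMT, record[:HEADER_LEN])
    if magic != MAGIC:
        raise ValueError("not a protected tape record")
    return version, key_id, nonce


def protect(keystore, key_id, plaintext):
    """Compress, then encrypt, then MAC over header + ciphertext."""
    enc_key, mac_key = _subkeys(keystore.get(key_id))
    nonce = os.urandom(NONCE_LEN)
    header = struct.pack(HEADER_FMT, MAGIC, VERSION, key_id, nonce)
    body = _ctr_xor(enc_key, nonce, zlib.compress(plaintext))
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def restore(keystore, record):
    """Verify the MAC before decrypting; corruption or tampering raises ValueError."""
    if len(record) < HEADER_LEN + TAG_LEN:
        raise ValueError("record truncated")
    _, key_id, nonce = read_header(record)
    try:
        enc_key, mac_key = _subkeys(keystore.get(key_id))
    except KeyError:
        raise ValueError("key %d is not available to this site" % key_id) from None
    signed, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: media corrupted or tampered")
    return zlib.decompress(_ctr_xor(enc_key, nonce, signed[HEADER_LEN:]))


def rekey(keystore, record, new_key_id):
    """Re-protect a record under a new key ID so the old key can be retired."""
    return protect(keystore, new_key_id, restore(keystore, record))


def compression_order(keystore, key_id, plaintext):
    """Output sizes for compress-then-encrypt versus encrypt-then-compress."""
    enc_key, _ = _subkeys(keystore.get(key_id))
    nonce = os.urandom(NONCE_LEN)
    compress_first = _ctr_xor(enc_key, nonce, zlib.compress(plaintext))
    encrypt_first = zlib.compress(_ctr_xor(enc_key, nonce, plaintext))
    return len(compress_first), len(encrypt_first)


# Constructed sample backup payload (not real customer data).
SAMPLE_PAYLOAD = b"".join(
    b"cust=%05d,card=4111111111111111,status=active\n" % i for i in range(200))
```

To exercise it, create a KeyStore, call protect with a fresh key ID and SAMPLE_PAYLOAD, then flip any byte of the result (header or body) and call restore: the MAC check rejects it before any decryption happens. compression_order returns two sizes; the first is a fraction of the payload, the second is slightly larger than the payload, which is the reason the appliance compresses before it encrypts. rekey followed by KeyStore.retire on the old ID shows why the header carries a key ID rather than key material: the old record becomes unrecoverable at a site that no longer holds the key, while the rekeyed copy restores normally.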
Secondary storage is about preservation, integrity and availability; confidentiality can now be addressed as part of a layered defense strategy for potentially distributed backup and replication data.
Scott Gordon is vice president of marketing at NeoScale Systems (Milpitas, Calif.)